package com.nhjf.common.web.filter;



import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.log4j.Logger;

import com.nhjf.common.Constants;



public class AuthAndSessionFilter implements Filter {
	private static final Logger log = Logger
			.getLogger(AuthAndSessionFilter.class);

	FilterConfig fc;

	public void destroy() {
		// 消毁方法
	}

	/*
	 * 验证Session是否存在或过期，验证是否具有访问权限
	 */
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		
		String urlwrong = "/admin/login.jsp?errorCode=003";
		HttpServletRequest hreq = (HttpServletRequest) request;
		HttpServletResponse hres = (HttpServletResponse) response;
		HttpSession session = hreq.getSession();
		String url=hreq.getServletPath();
	
		if (url.equals("/login.do")||url.equals("/admin/login.jsp")) {
			chain.doFilter(request, response);
		} else {
			// 验证session
			if (session != null
					&& session.getAttribute(Constants.USER_INFO) != null) {
				log.info("session is have");
				chain.doFilter(request, response);
			} else {
				log.info("session havan't");
				hres.sendRedirect(hreq.getContextPath() + urlwrong);
			}
			// 验证权限
			// if(){
			//			
			// }
		}
		
	}

	/*
	 * 初使化过滤器
	 */
	public void init(FilterConfig fc) throws ServletException {
		this.fc = fc;
	}

}